Cryptorbit "Your personal files are encrypted!" removal instructions

What is Cryptorbit?

The Cryptorbit ransomware virus infiltrates users' computers using infected email messages and P2P networks. After successful infiltration, this malicious program encrypts files (*.doc, *.docx, *.xls, *.ppt, *.psd, *.pdf, *.eps, *.ai, *.cdr, *.jpg, etc.) stored on users' computers and demands payment of a 0,5 BTC (Bitcoins) ransom in order to decrypt the files. At time of writing, 0,5 BTC was equivalent to approximately $400 USD. This ransomware is identical to a previous variant named Cryptolocker. PC users should be aware that, whilst the infection itself is not complicated to remove, decryption of files affected by this malicious program is impossible without paying the ransom. At time of research, no tools or solutions capable of decrypting files encrypted by Cryptorbit were available.

Immediately following infection of the user's operating system, this ransomware contacts a command-and-control server and generates a public key used to encrypt the data. After successfully encrypting the detected files, Cryptorbit displays a message (screenshot below) explaining how users may retrieve their files. Note that the private key, capable of decrypting the files, is stored within Cryptorbit's command-and-control servers, which are managed by cyber criminals. The best way to deal with this ransomware is to eliminate it from your computer and restore the affected files from a backup.

The existence of ransomware infections such as Cryptorbit is a strong argument for maintaining regular backups of your stored files. Note that paying the ransom as demanded by Cryptorbit is equivalent to sending your money to cyber criminals - you will support their malicious business model, and moreover, there is no guarantee that your files will be decrypted. To avoid system infection by ransomware, exercise caution when opening email messages, since cyber criminals use various catchy titles in order to trick PC users into opening the infected attachments. Examples include "Voice Message from Unknown", "Important - attached form", "Payroll Invoice", "New contract agreement", etc. Recent research shows that cyber criminals also use P2P networks in an attempt to trick PC users into downloading Cryptorbit.
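For administrators who filter mail, the lure subjects above can be turned into a simple triage check. The following is an added example, not part of the original guide: the attachment extensions, the `triage` and `sample` helpers and the example.com addresses are assumptions, and the sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Subjects quoted in the article; examples only, so treat a miss as "unknown", not "safe".
LURE_SUBJECTS = ["Voice Message from Unknown", "Important - attached form",
                 "Payroll Invoice", "New contract agreement"]
# Assumption: the article does not name attachment types; these are illustrative.
RISKY_EXT = (".exe", ".scr", ".zip", ".js")

def normalize(subject):
    """Strip Re:/Fwd: prefixes, collapse whitespace, lower-case."""
    s = re.sub(r"^\s*((re|fwd?)\s*:\s*)+", "", subject or "", flags=re.I)
    return re.sub(r"\s+", " ", s).strip().lower()

def triage(raw_bytes):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words, so encoded subjects still match.
    subject = normalize(str(msg["Subject"] or ""))
    lure = any(normalize(s) in subject for s in LURE_SUBJECTS)
    risky = [a.get_filename() for a in msg.iter_attachments()
             if (a.get_filename() or "").lower().endswith(RISKY_EXT)]
    reasons = []
    if lure:
        reasons.append("subject matches a listed lure")
    if risky:
        reasons.append("risky attachment: " + ", ".join(risky))
    verdict = "quarantine" if lure and risky else "review" if reasons else "pass"
    return verdict, reasons

def sample(subject, filename=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Fwd: PAYROLL  invoice", "invoice.zip"),
                       ("New contract agreement", None),
                       ("Lunch on Friday?", "menu.pdf")]:
        print(subj, "->", triage(sample(subj, name)))
```

Subject matching alone is easy to evade, so a "pass" verdict here only means the message did not hit this short list.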

Message presented by the Cryptorbit ransomware virus:

Cryptorbit

YOUR PERSONAL FILES ARE ENCRYPTED

All files including videos, photos and documents, etc on your computer are encrypted. Encryption was produced using a unique public key generated for this computer. To decrypt files, you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files. In order to decrypt the files, open site 4sfxctgp53imlvzk.onion.to/index.php and follow the steps below:

1. You must download and install this browser: torproject.org/projects/torbrowser.html.en

2. After installation, run the browser and enter the address: 4sfxctgp53imlvzk.onion/index.php

3. Follow the instructions on the web-site.

We remind you that the sooner you do, the more chances are left to recover the files.

Screenshot of "Cryptorbit Decryptor":

Note that at time of writing, there were no known tools able to decrypt files encrypted by Cryptorbit. We will update this article as soon as there is more information regarding the decryption of the compromised files.

Log in to the account that is infected with Cryptorbit Virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

To restore individual files encrypted by this ransomware, try using the Windows Previous Versions feature. This method is only effective if the System Restore function was enabled on the infected operating system.

To restore a file, right-click on it, go into Properties and select the Previous Versions tab. If the selected file has a Restore Point, select it and click the "Restore" button.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of this ransomware disable Safe Mode, making its removal more complicated. For this step, you require access to another computer.

I am passionate about computer security and technology. I have 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010. Follow me on Twitter to stay informed about the latest online security threats.
